Securonix is excited to announce the general availability of Device Monitoring, a powerful new feature within its Unified Defense SIEM platform. Device Monitoring offers groundbreaking functionality for managing and monitoring devices feeding data into your Securonix SIEM. This new capability drastically enhances overall visibility and compliance reporting efforts, providing a feature set that rivals those of competitive SIEM solutions.
Why Device Monitoring Matters
Monitoring the activity level of each individual device
Many SIEMs have historically operated at the data source level, focusing solely on applications. While effective, this approach lacks visibility into the actual devices sending the data. This distinction is crucial. For example, if one of 50 firewalls at an organization or a single employee laptop out of thousands stops transmitting traffic, it is often difficult, if not nearly impossible, to detect.
With Device Monitoring, Securonix bridges this gap, delivering a holistic view of all devices along with granular insights into each individual device. Key capabilities include:
- Last Seen Tracking: Practitioners can monitor the last time an event was received from any device, allowing them to gain visibility into device activity levels across their environment.
- Receive Notifications: Security administrators can configure notifications to be sent as incident alerts or emails for any configured devices that go silent, stop sending data, or become inactive for any specified duration. This helps ensure continuous monitoring, operational efficiency, and compliance.
- Streamlined Device Management: Users can temporarily disable any device to prevent it from sending data, providing greater control and flexibility in managing telemetry sources.
- Additional Granular and Detailed Reporting on Devices: In addition to the last observed activity, device activity level, and configuration status, users can view further details in the dashboard, including Datasource, RgId, Functionality, Tenant Name (for MSSPs), Device Creation Time, and when any particular device was last configured or modified.
The Device Monitoring Dashboard can be accessed from the Main Menu:
Figure 1) Securonix has introduced a new menu item to access the Device Monitoring dashboard: Menu > Views > Devices.
Figure 2) The Devices dashboard provides comprehensive insights into device activity, health, and configuration status, including the last-seen time, notification settings, and detailed device attributes like data source and tenant name. Users can also configure alerts to notify them when devices stop sending data or become inactive.
Device Configuration Status: The ‘Status’ column in the above UI screenshot provides visibility and insight into each device’s configuration status and overall activity level by showing:
- Whether a device has been configured to send notifications.
- Whether a configured device is actively sending data or is inactive.
Additionally, the action column allows users to disable devices from sending data or remove them from the Device Monitoring dashboard:
Figure 3) Clicking on the gear icon in the Action column brings up a notification configuration window that enables you to disable devices from sending data or remove them from the Device Monitoring dashboard.
Figure 4) Security administrators can configure notifications as incident alerts or emails for devices that go silent or become inactive.
Compliance and Operational Advantages
Device Monitoring goes beyond device activity insights; it’s also a powerful tool for compliance. It enables compliance officers to generate a comprehensive list of devices being monitored by the SIEM, ensuring organizations using Securonix’s Unified Defense SIEM can easily meet compliance and auditing requirements. Additionally, it allows users to filter and identify devices that have stopped sending data to the Securonix Unified Defense SIEM.
Key Benefits of Device Monitoring
- Enhanced Visibility: A user-friendly UI provides insights into device activity levels, allowing MSSPs and other organizations to monitor devices more efficiently with increased automation.
- Improved Compliance: Compliance officers can easily access a comprehensive list of monitored devices, ensuring the SIEM meets auditing and regulatory requirements.
- Customizable Notifications: Teams receive tailored alerts when a device stops sending logs, enabling proactive issue resolution before problems escalate.
Now Available to All Customers
Device Monitoring is officially available to all Securonix Unified Defense SIEM customers. This feature has been actively rolled out, with early adopters already leveraging its capabilities to improve security posture and streamline operations.
Ready to explore Device Monitoring?
Discover how this feature can enhance your organization’s security and compliance efforts. Visit securonix.com, schedule a demo today, or contact your Securonix representative to get started. Current customers in North America can also request an on-site visit here.